* docs: remove confusing notes on Node
* Update docs/tutorial/first-app.md
Co-authored-by: Mark Lee <malept@users.noreply.github.com>
Co-authored-by: Mark Lee <malept@users.noreply.github.com>
* docs: add references to app.whenReady() in isReady
* refactor: prefer app.whenReady()
In the docs, specs, and lib, replace instances of `app.once('ready')`
(seen occasionally) and `app.on('ready')` (extremely common) with
`app.whenReady()`.
It's better to encourage users to use whenReady():
1. it handles the edge case of registering for 'ready' after it's fired
2. it avoids the minor wart of leaving an active listener alive for
an event that wll never fire again
Versions didn't show and I was getting errors in the Developer Tools: `Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'"`. The cause is probably that Chrome has implemented extra security since this tutorial was created. Added 'unsafe-inline' and it works.
I've asked #19775 because I was frustrated with how hard it was to find a way to fix (instead of hide) the CSP warning in Electron and I complained that even the official quick start guide wasn't compliant with the security checklist at https://electronjs.org/docs/tutorial/security. Someone helped me out with a CSP meta tag which I have later noticed is indeed mentioned in the checklist, too: https://electronjs.org/docs/tutorial/security#csp-meta-tag. I have not used the checklist one verbatim because it prevents a `script` tag from working when serving `index.html` through the `file:` protocol as the quick start does. I instead used the one the person in my issue recommended which seems to work well to me. I am not that well versed in CSP so there might be a better policy to include with the quick start, but this is what I've got for now.
